Small to Midsize Business Security Capabilities Falling as Attack Sophistication Rises

Working with limited resources and being asked to “do more with less” is often par for the course for small and midsize businesses (SMBs). Smaller companies are also credited with being more nimble than their enterprise counterparts, adopting next-generation tools more quickly and experimenting with new business models. However, a new survey of CSOs and SecOps Managers reveals that more SMBs are putting themselves at increased risk for cyber attacks by forgoing critical security capabilities and processes.

In the 2016 Cisco Annual Security Report, Cisco researchers detail some of the latest advanced attacks and trends shaping the security industry. Online criminals are continually evolving their attack methods to evade detection and accomplish their goals. They’re building resiliency into their operations; if detected, attackers quickly reconfigure and reconstitute on new systems in minutes. Security professionals need to fill the gaps in their defenses and improve their own resilience to these advanced attacks.

Small and Midsize Businesses as the Weak Link

Criminals often gain access into one network as a means to gain access to another. In their quest for high value customer data, some attackers find it more feasible to breach large enterprises by first compromising one of their smaller vendors or business partners. According to the report, SMBs are less likely than large enterprises to have incident response and threat intelligence teams. They also use fewer processes to analyze and recover from compromises.

Even worse, SMBs reported that they are using fewer processes to analyze compromises and fewer threat defense tools than they did just last year.

Besides the obvious benefit of staying out of the headlines, SMBs that effectively invest in security capabilities can leverage those investments as a competitive differentiator and build a reputation of trust in the market, particularly with their enterprise customers. The alternative could pose serious financial risk, data loss and significant downtime to the SMB as well as the enterprises they support.

Security Solutions for SMBs Without Compromise

Budget constraints were cited as the biggest obstacle to SMBs adopting advanced security processes and technology. Smaller organizations face the same threats as large companies, but have been traditionally underserved in the cybersecurity market. Today, SMBs have many more cost effective options available to boost their defenses than they did just a few years ago. Security technology once only available to the enterprise is now accessible to SMBs with limited budgets.

At Cisco, we believe the most effective way for SMB organizations to improve security is with continuous threat protection that is both pervasive and integrated. This goes beyond traditional point-in-time detection and taps into context-rich threat intelligence, dynamic malware analysis, and retrospective security to allow continuous breach detection, response, and remediation before, during and after an attack. Cisco ASA with FirePOWER Services for SMB offers industry-leading threat protection, low total cost of ownership and simplified management. Offered in SMB-friendly desktop or rackmount form factors, these NGFWs provide the same superior threat protection technologies as larger Cisco ASA 5500-X Series NGFWs, which achieved the highest security efficacy rating in third party testing. Not only does the SMB get industry leading stateful firewall and VPN capabilities with the ASA, it also gets deep contextual awareness of its IT security via next gen IPS (NGIPS), Advance Malware Protection (AMP), Application Visibility and Control (AVC) as well as URL filtering with FirePOWER Services.

With these tools, SMB organizations can reduce their exposure and remain resilient in the face of today’s sophisticated attacks. To read more about the latest threat intelligence and industry trends, download the 2016 Cisco Annual Security Report. To find out how Cisco can improve your small or midsize organization’s defenses, visit out website.

Honestly it seems the hackers have won despite great efforts by Cisco, customers, and government agencies. Everyday there seems to be another attack by hackers who successfully penetrate networks and steal valuable information.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.